
Bing Search Results Redirect

Q: Bing Search Results Redirect

I started encountering redirects from Bing search results. This does not occur every time, but about 50% of the time. Then I started experiencing various svchost processes consuming all CPU about 10 minutes after a reboot, causing everything to freeze up. The PC also reboots every so often for no reason. Here is the DDS information:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by John at 20:24:06 on 2013-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5619.3367 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqdirec.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: - <orphaned>
BHO: HP Print Enhancer: - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130414171253.dll
BHO: Windows Live ID Sign-in Helper: - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: -
EB: Developer Tools: - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: HP Smart Web Printing: - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [IsolatedStorage] rundll32 "C:\Users\John\AppData\Local\Garmin\IsolatedStorage\xaeqasghu.dll",ReportInitModule
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: - - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: - - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: - - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: - - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: - - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\5 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130414171253.dll
x64-BHO: Windows Live ID Sign-in Helper: - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: - - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: - - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-mfe-ipt - - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 Spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-9-19 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-9-19 38528]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-11-25 647080]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-11-25 284648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-10 55856]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-11-25 75808]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-19 204288]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-20 186200]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-30 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-30 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-25 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-25 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-11-25 161168]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-11-25 65264]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-9 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-11-25 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-11-25 481768]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-19 471144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-19 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-11-25 100912]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
.
=============== Created Last 30 ================
.
2013-05-04 21:17:54 -------- d-----w- C:\ProgramData\Nero
2013-05-04 21:17:13 -------- d-----w- C:\Program Files (x86)\Seagate
2013-05-04 20:43:20 -------- d-----w- C:\ProgramData\Seagate
2013-05-04 20:43:05 -------- d-----w- C:\Users\John\AppData\Roaming\Seagate
2013-04-24 07:08:16 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-19 17:20:09 -------- d-----w- C:\ProgramData\Maxtor
2013-04-19 17:20:09 -------- d-----w- C:\Program Files (x86)\Maxtor
2013-04-19 17:18:39 -------- d-----w- C:\Windows\Downloaded Installations
2013-04-10 10:48:27 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 10:48:26 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 10:48:25 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 10:48:25 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 10:48:24 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 10:48:24 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 10:48:08 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 10:48:04 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 10:48:03 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:48:03 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 10:48:02 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 10:48:02 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 10:48:01 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
.
==================== Find3M ====================
.
2013-04-13 17:10:08 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-13 09:25:05 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 09:25:04 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 20:25:32.53 ===============


A: Bing Search Results Redirect

Hello, and welcome to TSF. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!


We need to get additional information about a file.

Please go to the following site:
http://www.virustotal.com/
Click on Choose File, and then upload the following file for analysis:

C:\Users\John\AppData\Local\Garmin\IsolatedStorage\xaeqasghu.dll

Then click Send File and allow the file to be scanned.

Please ensure the scan is complete and the results saved before submitting the next.
If a pop-up appears saying the file has been scanned already, please select the ReScan button.


Please copy and paste the link to each of the result here for me.

I'd also like to get another diagnostic scan please. I'm not seeing any obvious signs of malware in the DDS log, but each scan looks in different places for malware. Let's run an OTL log which will give me a little more information about the browsers and what's going on in them. The logs are a bit longer and if you need more than one post to fit everything in that's just fine.


OTL Custom Scan
Download OTL to your desktop.
Right-click and choose Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


Hi,

I got "Internet Security 2010" on Dec 28, 2009. I used AVG, Malwarebytes' Anti-Malware and Ad-Aware (all with the latest update) to clear up the mess. Now both browsers (IE 7 and Firefox 3.5) redirect search results to some bogus web site.

I have run several times using the software mentioned but was not able to find anything.

I've used HijackThis v2.0.2 to produce the following log.

My system Win XP sp3

I've attached the HijackThis log file. Please help!!!!

A: search results redirect (google and bing)

Hi,

Thank you all for posting your suggestions, especially the people working on this site to help others. I saw a post here that ran ComboFix to take care of the browser redirect problem. So, I downloaded it and followed the simple instructions. Lo and behold, ComboFix was able to detect there was a rootkit running on my computer. After several scans and reboots, my computer is back and no more browser redirect.
I thank you again from the bottom of my heart!!!!

If BleepingComputer.com needs any help, please contact me and I will be more than happy to give my time back to serve the community.

Stephen


I'm just going to throw out as much info as I can think of. I run XP, ran defogger, then dds, but gmer crashes before the scan is complete. It gets to a certain point and crashes. The folder it gets hung up on is:

c:\documents and settings\myname\application data\mozilla\firefox\crash reports\pending (Ironic!)

Mainly this is just affecting searching right now, with a few pop ups, but it's getting worse so I need to get rid of this ASAP!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Dawg at 13:59:28 on 2012-02-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.424 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience&...

A: TDSS and Google/Bing redirect search results

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Replace your hosts file first.
Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select "Restore MS Hosts File".
Close the application.
=*=
Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the ...


Hello,

Today while browsing my AVG notified me that it caught a threat and moved it to the virus vault. Soon after I began having redirects in my Bing search results. I was redirected to Scour the first time and then a couple of other sites during later attempts. I did not get the name of those sites because I hit the back button as quickly as I could. I attempted removal instructions found on the net to no avail. I used rkill, tdsskiller, and scanned with Malwarebytes and AVG. Both found nothing and I'm still getting redirects.

Thank you for the help!

Here is my log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mr. Holbrook at 20:25:38 on 2012-09-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.291 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012...

A: Infected with Scour Redirect and other Redirects in Bing Search Results

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

RELEVANCY SCORE 90.8

On @11/1 I would get redirected to sites that have nothing to do with the search engine result I clicked on. I would need to rerun the search and click on it again to get to it. BACK does not work on the site I'm redirected to, it just sends me to the main page that I'm redirected to. Happens with both IE and Firefox.
I have dwm.exe running from my temp directory and I can't delete it, even in safe mode. Also looks like shell.exe and svchost.exe are running from a wrong directory.
Note: I downloaded GMER but the buttons that the instructions say to check are grayed out & uncheckable. Services, Registry & Files & c:/ & ADS are the only ones I'm allowed to check. I did not run it.
Here are my logs as per http://www.bleepingcomputer.com/forums/topic34773.html .

DDS.txt:
DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by John at 4:49:51.15 on Thu 11/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1630 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows...

A: Browser redirect in Search Engine results (Yahoo, Bing, Google)

Moderator - please close this thread.
I followed boopme's 1st post in the below thread and i'm good now.
http://www.bleepingcomputer.com/forums/topic358309.html

THANK YOU!

RELEVANCY SCORE 75.6

Well, it gives me the web search results, image results (can't even preview them), video results, but I can't access the pages. Simply the tiles become grey when clicked but nothing happens.

RELEVANCY SCORE 74.8

Google search results being redirected when using IE, but not when using Chrome.

I have tried these fixes without success....

Norton Internet Security 2009
MalwareBytes
SuperAntiSpyware
CCleaner
GooredFix
VundoFix
ComboFix (I can submit log if requested)

I have not yet run HijackThis.

Please help.

Thanks, RGWomack

RELEVANCY SCORE 74.8

Avast keeps coming up with malicious URL Blocked.
The IP addresses it reports as Malware are 64.111.211.158 and 64.11.211.165

I've run just about every malware scanner/remover I can find and still I keep getting redirects and the avast warning. I've tried following the advice in other posts here and have had no success so I am opening up this post in hopes that someone has encountered this.

Here is the DDS.txt
I will append the gmer log later since the last time I tried to run it, it locked up.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Ali at 17:34:13 on 2011-07-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1026 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32...

A: Google/Bing Search Results redirecting

Here are the results of the GMER scan

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-03 18:41:14
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK3263GSX rev.FG020M
Running: gmer.exe; Driver: C:\Users\Ali\AppData\Local\Temp\kwtdrpow.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90A26202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x910A5CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90A2881C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90A28874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90A2898A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ...

RELEVANCY SCORE 74.8

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ken at 10:55:03 on 2011-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2036.874 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Online\Engine\2.1.0.23\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.1.0.23\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32...

A: Google/Bing search results keep redirecting.

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that ...

RELEVANCY SCORE 74.8

GMER locked up my PC twice during file scanning segment. The log attached resulted from a scan with Files unchecked. I am leaving for a 10 day road trip 9/7 and won't have access to the PC so work me in accordingly.

Thanks in advance.
Jay
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:32 AM, on 9/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe...

A: Google, Bing search results re-directed

RELEVANCY SCORE 74.8

This computer was infected but cleaned with Norton Internet Security 2010 quite some time ago. I do not have the logs for those cleanings but today's full scan turned up nothing. Clicking on search results will bring up fake pages. Sometimes going back and clicking the link again will bring up the right page. It happens about 1 in every 4-6 search results.
I've scanned with MalwareBytes, SuperAntispyware and Norton and nothing seems to correct this problem. I have followed the instructions on posting here and following is the DDS.txt report:

--------------------- cut here----------------------
DDS (Ver_09-12-01.01) - NTFSx86
Run by Jim at 12:42:00.75 on Wed 01/06/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.257 [GMT -8:00]
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech ...

A: Google (And Bing) search results are being redirected...

Hello and welcome to Bleeping Computer. My name is km2357 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.
Please do not start another thread or topic, I will assist you at this thread until we solve your problems.
Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.
Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log

RELEVANCY SCORE 74.8

Sometimes when a search result link is clicked a window is displayed with an animated graphic in green or orange that says redirect, then a page opens that is not the page from the link. Other times there is no animated graphic but the page that opens is not the one whose link was clicked on. Sometimes, there is a warning banner at the top of the browser window stating this site is not safe. Navigating back to the search engine and clicking on the same link opens the correct webpage. Some links lead directly to the correct webpage. Have scanned whole computer in normal mode with updated AVG Anti-Virus Free Edition 2012 and updated Malwarebytes Anti-Malware free, neither found any malware. The last malware detected and quarantined by Malwarebytes on 7-19-12 was Trojan.Happili.
The computer may be running more slowly and the display might flicker every once in a while.

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Arnold at 13:02:18 on 2012-07-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.256 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAFor...

A: Google and Bing search results redirected in IE8

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this is fixed.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass...

RELEVANCY SCORE 74.8

I could not get DSS to run without an error and outputting garbage. GMER Output (ARK) is as follows:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-24 22:43:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.12.0
Running: gmer.exe; Driver: C:\Users\Kathleen\AppData\Local\Temp\uwdcrkob.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x90F32BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x90F3452C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x90F34782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x90F349FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) Z...

A: Bing & search engines results redirected

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 74

Any search results in Firefox from Bing or Google (I haven't tried other search engines) redirect to pleasewaitsearch.com, then redirect again to another random site. Opera and Internet Explorer seem unaffected.
I've scanned with Microsoft Security Essentials, Ad-aware, Spybot, SuperAntispyware, Hitman pro, and Malwarebytes. Some of them found and removed stuff, but didn't fix the redirect problem. Disabling Javascript in Firefox does fix the redirect.
I tried to scan with gmer but it didn't work. It said c:\windows\system32\config\system didn't exist. I went there and it showed up in the folder with a size of about 13 megs. I tried opening it in notepad++ which said it didn't exist and asked if I wanted to create it so I did. gmer no longer threw that error when started but when I start a scan it says the file is in use by another process then proceeds to scan and find nothing (the log is empty). Also, all the gmer checkboxes are grayed out except Services, Registry, Files, ADS, and my drives.
Thanks for any help you can give me, this thing is driving me nuts.

Here's my DDS.txt:
DDS (Ver_10-03-17.01) - NTFSX64
Run by Chris at 18:43:30.90 on Tue 08/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4373 [GMT -7:00]
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-501...

A: Firefox Google/Bing results redirect to pleasewaitsearch.com

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you...

RELEVANCY SCORE 74

A day or two ago I picked up something that redirects the search sites results to ad sites. This happens in IE and Firefox. It seems to happen with the results from google, yahoo and Bing. I haven't really tried any other search engines. I have AVG free installed, and the spybot resident. I have run MalwareBytes, Spybot and although they found some tracking cookies and such, have not fixed the issue. I d/l'ed and installed HitMan Pro 3.5 as others have had luck with Rootkits with that, and it did report finding a rootkit in firefox.exe and quarantined it, removing firefox. It runs clean now too, but the redirection remains.
Attached are the logs from the Preparation guide.
I really appreciate any help you can give me, thank you so very much.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Philipvw at 17:53:37.68 on Sun 08/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.514 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:...

A: Google, Yahoo, Bing search results Redirection

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you...

RELEVANCY SCORE 74

Multiple browsers and multiple search engines,
Search results appear normal, but links (clicked or copied) all begin hxxp://adsense.yahoodbengimesearch.com/...

Clear cache problem resolves temporarily, then recurs after a few searches.

Symantec Antivirus Corporate Edition 10.1.7 defs from Jan4, 2011 finds nothing.

Malwarebytes finds nothing wrong:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5457

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/4/2011 12:09:48 PM
mbam-log-2011-01-04 (12-09-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 161421
Time elapsed: 47 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT is this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:41:46 PM, on 1/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WI...

A: Search results hijacked (IE7, Moz 6.15; Google, Yahoo, Bing)

Ran Kaspersky TDSS rootkit and "Cured" Backdoor.Win32.Sinowal.knf

So far effective.
2011/01/05 11:12:15.0234 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/05 11:12:15.0234 ================================================================================
2011/01/05 11:12:15.0234 SystemInfo:
2011/01/05 11:12:15.0234
2011/01/05 11:12:15.0234 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/05 11:12:15.0234 Product type: Workstation
2011/01/05 11:12:15.0234 ComputerName: SVAHS-A-130-TEA
2011/01/05 11:12:15.0234 UserName: User
2011/01/05 11:12:15.0234 Windows directory: C:\WINDOWS
2011/01/05 11:12:15.0234 System windows directory: C:\WINDOWS
2011/01/05 11:12:15.0234 Processor architecture: Intel x86
2011/01/05 11:12:15.0234 Number of processors: 1
2011/01/05 11:12:15.0234 Page size: 0x1000
2011/01/05 11:12:15.0234 Boot type: Normal boot
2011/01/05 11:12:15.0234 ================================================================================
2011/01/05 11:12:15.0390 Initialize success
2011/01/05 11:12:23.0140 ================================================================================
2011/01/05 11:12:23.0140 Scan started
2011/01/05 11:12:23.0140 Mode: Manual;
2011/01/05 11:12:23.0140 ================================================================================
2011/01/05 11:12:24.0156 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/05 11:12:24.0234 ACPIEC (98...

RELEVANCY SCORE 74

Both Firefox (v3.6.3) and IE 8 get redirected from the google and bing search pages. When I click on links they get redirected to other sites. Also, randomly the speakers start blaring advertisements. Task Manager shows instances of IE running in the background. Killing the IE process stops the ads from the speakers.
I disabled using Defogger, then ran the DDS utility and am supplying the two logs. The GMER utility does not run to completion. It closes before I can save the logs. I saved a log in the middle of the scan and am attaching it. Not sure if it is useful. Additionally, I ran TDSSkiller and it indicated that I had a 'Driver "atapi" infected by TDSS rootkit!' but it could not cure the problem.
I have also run MalwareBytes and Spybot Search and Destroy and both now provide clean scans but the browser redirect problem still exists.
Please help.

________________DDS.log:_______________
DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 12:07:25.09 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.295 [GMT -4:00]
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files...

A: Browser gets redirected from google, bing and other search results

Hello pn123 Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.
I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.
After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
Please download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be f...

RELEVANCY SCORE 74

Hello.

For the past several days whenever I would use google, yahoo, or bing, my search results are redirected through a website called "searchingandclick44.com" and the original search terms are then plugged into several other websites.
I'm not completely sure that this is connected to it, but at the same time this started happening I became unable to use Gmail, as my browser (Both IE and Firefox) started saying "There is a problem with this website's security certificate." The same thing would happen when I used other websites that required the use of Gmail, such as signing into Youtube.
Occasionally when using the search toolbar to the right of my address bar with google, it will state that the 302 has moved and will give me a link.

I have tried to use MalwareBytes, but it will not pick up the problem, even after updating the program.
I tried to use gmer to see if I could find anything, but that didn't work either, because whenever I open it, it says, "C:\Windows\system32\config\system: The system cannot find the file specified." And the only things that can be checked afterwards are Services, Registry, Files, and ADS.

I use Windows 7, IE 8, and Firefox 3.5.11

I'd like to thank you in advance, and I look forward to your help.
Ivan the Submissive.

A: Search results for Google, Yahoo, and Bing are redirected

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

RELEVANCY SCORE 70.8

Hi all, my computer appears to be infected with a redirect virus. When I perform a search on Bing and click a link my browser gets redirected to a site I didn't choose. I'm operating Windows Vista with Microsoft Security Essentials. I ran Malwarebytes and AdAware and neither program found anything. Below is my DDS log and I've attached the Attach and GMER logs as requested. If you need any other info please ask. Thank you!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by office depot at 14:10:43.35 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.668 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rp... Read more

A:Bing search redirect

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more


Hi there, so whenever I search using bing or google and try to open the search results they keep redirecting to potentially dangerous looking sites and also my home page keeps going to isearch.avg.com even though I don't have it in my new tab or homepage settings. I have a 64-bit Windows so am pasting the DDS Log only.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by kpn at 18:21:24 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.872 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\... Read more

A:Google, bing search results keep redirecting to malicious looking sites and home page redirects to isearch.avg.com

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Within days I have been getting redirects to sales sites when I use Bing on Firefox. Does not occur with Google, nor on IE with Bing or Google, nor on aol with Bing or Google. Only redirects when using Bing on Firefox. I have read some previous posts and have downloaded the couple things it says to start, but did not want to go any further without your approval. Here is the first from RKUnhookerLE which says I'm clear. At anyone's say so I can run the next thing but wanted to make sure I wasn't missing anything. Thank you for your time looking at this for me.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0C4000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF633D000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1470464 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF32B000 C:\... Read more

A:redirect from Firefox using Bing search only

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more


Hi - I have been trying to get rid of this thing myself by looking and copying the steps in various threads and finally decided that it is beyond my capabilities to do myself. I used Malwarebytes Antimalware and AdAware to try to delete it but was unsuccessful. I have Symantec Antivirus on my computer but it did not catch it. In all cases, the various programs did find something to remove and I thought it would take care of it, but it did not.

I may have some other virus as well but I am not sure as the Norton Antivirus no longer reports anything. However, things are still running slow and the machine locks up from time to time.

At any rate, thanks in advance for the help - I am so glad that you folks are out there to help people like me.
Here is my DDS.txt file.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Poki at 19:58:49.51 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.105 [GMT -8:00]
.
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
s... Read more

A:Bing search redirect virus + others ?

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu... Read more


Hello,
After searching on Google or Bing, clicking on a link in the results redirects to sites such as yellowbook.com or get-answers-fast.com. MalwareBytes detected and removed about 50 infected files, but the redirecting is still happening. This occurs on both IE and Firefox. The DDS is pasted below. I have attached ark.txt, and 2 Malwarebytes logs that show what was removed, and a third that shows no infections. Thanks for the help!

===========================================================
DDS LOG
===========================================================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Teacher at 10:01:02 on 2011-11-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.1153 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestr... Read more

A:Infected with Google/Bing search redirect

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more


Good morning,
I'm having a problem with a search engine redirect. Most results in google and bing are redirected to an undesirable site. Also, when I open IE and type in an address, a new window opens up with an undesirable redirect. In addition to this, I'm also having the following problems:

-"generic host process for Win32 Services" error message
-"No active mixer devices" error message when I try to adjust audio volume
-generally slow running computer
-restarts frequently needed because software freezes when opening

Below is my dds log as well as an attached zip file with the second dds log and the gmer log. Please let me know what I can do to fix this problem. thanks!!
DDS (Ver_10-12-12.02) - NTFSx86
Run by bdavidson at 10:10:08.95 on Tue 12/28/2010
Internet Explorer: 8.0.6001.18702
============== Running Processes ===============
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\sy... Read more

A:Search Engine Redirect (google, bing, etc.)

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


UPDATE 3/28: Tried a Google and Bing search today, and none of the links appear covered by redirects. Before receiving instruction not to make any changes to my system, I ran another Anti-Malware scan. The results:

Memory Modules Infected:
c:\Users\Michael\AppData\Local\Temp\ftpgent.dll (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PkgMtend (Trojan.Agent) -> Value: PkgMtend -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Michael\AppData\Local\Temp\ftpgent.dll (Trojan.Agent) -> Delete on reboot

I am not sure if this will completely eradicate the problem, logs from DDS and GMER (pre-antimalware removal) below:

Hello,

As of yesterday when I search using Google and Bing I am redirected to various sites when attempting to follow links. The redirect links affect most, but not all of the search results. I am running Windows Vista Home Premium, Firefox version 3.6.16. I have run Malwarebytes Anti-malware, which found three malicious files yesterday, 1 Trojan.Agent and 2 Trojan.Dropper. I deleted these files and restarted. I have also run a full scan using McAfee, which registered and deleted 3 trojans. I am pretty much a novice at most of this stuff, but I can follow directions well. Any help is greatly appreciated.

Regards,
Mike

DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 15:4... Read more

A:Search engine redirect (Google, Bing)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more


Hi,
I am getting redirected from Google and Bing search results page to random unrelated pages.
Avast! is giving a message that there is a rootkit detected on startup at C:\\WINDOWS\system32\drivers\disk.sys but is unable to resolve the issue.
I have access to the XP reinstall disc that came with the computer.
Thank you in advance for your assistance.
Cindy
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Cindy at 20:50:16.54 on Fri 04/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.531 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
... Read more

A:Google and Bing search engine redirect

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a... Read more


Whenever I google search something and click a result, the page usually redirects to get-search-results.com

I tried running several programs like Ad-Aware and Microsoft Security Essentials, however they are saying my computer is clean. How can I remove this? Thanks

Windows XP / 32bit computer

TIA!

A:Google Search Results Redirect to *get-search-results.com

I am having the exact same problem. I've run almost every kind of scan I can think of (Spybot, AVG, SuperANTI Spyware, Microsoft Essentials, etc) and it won't get rid of it.


Hello,

I keep getting redirected when I search something in Google or Bing. After searching something on either search engine, the search results page will load, but once I click on one of the result links it redirects me to something totally different. The websites I'm redirected to vary between various websites - often including something called "Mfeed", "Stopzilla" and a few others. I have tried searching with both internet explorer and firefox with the same results. I am also unable to log onto Google Talk or Skype. When I try to log onto Google Talk I get an error message that says "Could not authenticate server".

I first noticed this off and on a week or so ago but wasn't sure if I was imagining things, since it only happened rarely. Approximately two days ago I received a notice that my outlook was signing onto a server without a valid signature, but I clicked "ok" or something (in hindsight, not the smartest idea). Since then, the search engine redirects have been increased significantly and now 100% of the search engine results are redirected.

Since I noticed the infection, and before I logged onto bleeping computer, I ran Malwarebytes Anti-Malware, which found 8 infections and then said it removed them. I also ran SUPERAntiSpyware which found 1 trojan and 993 adware cookies, all of which were removed by the program.

I hope this information is helpful to anyone. If anyone can help me I would greatly, greatly appreciate it... Read more

A:Google/Bing Search Redirect - seems like a hijack problem

Apologies for the improper post - I am just reading about the proper way to post a request for help. I am a noob - apologies. I will post a proper posting as soon as I can run the proper programming. Thank you.


Cannot conduct any searches on the computer. Will bring up search results but every time I click a result from the search I am redirected to other pages such as http://search.us.b00kmarks.com/search.php?keyword=norton+internet+security+systems and http://www.blinkx.com/ac/cb?adid=02-100-201-300-404-25&affiliate=6363F6E9%2D9BFC%2D4F79%2D9439%2D761078D881A1 Redirected pages are always different. DDS text below:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by kelly at 20:06:55 on 2011-07-24
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.479 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc... Read more

A:Google, Bing and other search engines redirect constantly

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more


Hi

I am experiencing problems with my Internet Explorer (IE). Whenever I search for a keyword on any search engine (Google/Bing/Yahoo), the main links of the results would redirect to various Ad websites. When I point the mouse over the main link, the status bar of the IE shows a link starting with http://1942.r.google.com... If the link is clicked, another window of IE opens up and redirects to another site. However, if I close that window or press the back key, it will take me to my original window that I initially intended to go to.

I, like any other tech, ran several software in safe mode, such as AVG, Trend Micro Worry Free, Symantec Endpoint Security, Spy-Bot, Ad-Aware, Malware Bytes and more. Even though it cleaned many viruses/spy-wares, it could not fix the redirecting issue. I even checked and removed suspicious registry entries from the system. However, I was unable to get rid of the redirection.

I am including log files that were requested. Please help get rid of this redirection issue. Any help will be greatly appreciated.

Thank You!

========================= DDS.txt =====================================
DDS (Ver_10-12-12.02) - NTFSx86
Run by raf at 21:53:40.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1284 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Security Agent *Disa... Read more

A:search engine redirect virus (Google/Bing/Yahoo)

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more


Hi

I am experiencing problems with my Internet Explorer (IE). Whenever I search for a keyword on any search engine (Google/Bing/Yahoo), the main links of the results would redirect to various Ad websites. When I point the mouse over the main link, the status bar of the IE shows a link starting with http://1942.r.google.com... If the link is clicked, another window of IE opens up and redirects to another site. However, if I close that window or press the back key, it will take me to my original window that I initially intended to go to.

I, like any other tech, ran several software in safe mode, such as AVG, Trend Micro Worry Free, Symantec Endpoint Security, Spy-Bot, Ad-Aware, Malware Bytes and more. Even though it cleaned many viruses/spy-wares, it could not fix the redirecting issue. I even checked and removed suspicious registry entries from the system. However, I was unable to get rid of the redirection.

I am including log files that were requested. Please help get rid of this redirection issue. Any help will be greatly appreciated.

Thank You!

========================= DDS.txt =====================================
DDS (Ver_10-12-12.02) - NTFSx86
Run by raf at 21:53:40.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1284 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Security...

A:search engine redirect virus (Google/Bing/Yahoo) on IE

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They ...

RELEVANCY SCORE 68

Recently have been unable to search on any of the search engines. When doing a search on google or other sites I am redirected when trying to click on a site of interest. Attempted to use antivirus and antimalware without luck.

Appreciate boopme and his assistance
Attached is the information requested

Thanks for the help

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nicholas at 19:26:12.43 on Mon 03/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.80 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\...

A:Infected with google/bing/yahoo etc redirect virus and unable to search

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that...

RELEVANCY SCORE 68

I don't remember the exact day it started, but for the past week or so, I have had issues when I try to click on a search result link from any search engine: Google, Bing, etc. Like so many others in different forums/posts I have read over the past few days, if I cut and paste the shortcut into the address bar and hit Enter, it takes me to the appropriate site. But if I just click on the link, I am redirected to anything from porn to shopping to completely random sites. (There is a green globe before the web address for every site I am redirected to, if that helps at all.) That seems to be the only issue I have currently, although a few days back my firewall turned off on its own. Since then, I have downloaded and run Ad-Aware and Malwarebytes' Anti-Malware software, as well as the (paid version of) Spyware Sweeper and (free version of) AVG Anti-Virus that I already had running on my system (Windows XP). At first, a trojan was found (Trojan.Backdoor.ProgDav) and after two tries, seemingly removed. I also had a Win32/Cryptor virus found and removed and two other viruses I can't recall. I have run full scans using everything I have over the past day (in both safe and regular mode) and nothing has been found. But the redirecting links problem still persists and I am worried that there are worse things happening to my computer behind the scenes that I can't detect with the naked eye. Any help would be appreciated; if I can't figure this out soon, I&#... Read more

A:Search Engine (Google, Bing, etc.) Link Redirect Problems

hello JHWK54ME and to Bleepingcomputer.

"if I can't figure this out soon, I'm going to have to take my laptop in to a professional"

methinks we're going to put these guys out of business one day

Yup. . . you've got a nasty on your machine. We can get rid of it. . . but first, a warning.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you d...

RELEVANCY SCORE 67.2

I have had a search engine redirect virus for some time. Initially I thought it was the "google redirect" virus, so I started playing with other search engines (Bing, Yahoo) from both Firefox and IE, but I get redirected on all search hits through those engines too. I disabled PrevX software, Spybot software, and AVG software, ran Malwarebyte's Anti-malware which identified 5 things to remove - most it couldn't remove until reboot - but the reboot did not remove them. I ran Hijack This, which directed me to here and to the DDS tool.

Thanks in advance - Sara.

The DDS log is as follows:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Sara at 11:07:36.18 on Sat 06/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx Edge *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
J:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\McAfee\Common...

A:Redirect virus from variety of search engines (e.g., google, bing, yahoo)

I also should mention two things:

1 - that I have run "Find" on GooredFix.exe and here is the log it creates:

GooredFix v1.92 by jpshortstuff
Log created at 13:42 on 27/06/2009 running Option #1 (Sara)
Firefox version 3.0.11 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="J:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="J:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="J:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="J:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="J:\Program Files\AVG\AVG8\Firefox"
And 2, I have run CCleaner, and here is that log (though I did not have it clear the Firefox cache as I was busy composing this post at the same time):

CLEANING COMPLETE - (4.849 secs)
------------------------------------------...

RELEVANCY SCORE 67.2

Hey all,

I have a nasty redirect virus/malware on my computer that I have been trying to delete for 2 days now. The symptoms are as follows:

-Google and Yahoo are in German (and therefore all websites I visit through those search engines are in German). For example, when I type "Yahoo" in my Google search bar it directs me to google.de, and then when I click Yahoo the entire website is in German. It does this with other sites such as CNET, etc. as well.
-Clicking links often results in multiple redirects
-I have Spybot and AVG 9 Free. Spybot has detected around 200 malicious files but when I attempt to remove them, I get an error saying something about the System32 host files.
-I have checked for the TDSSServ.sys and didn't see one.

I would appreciate ANY and ALL assistance. It is driving me crazy! I want to avoid wiping at all costs if I can, as it is a computer I received through college with a laptop lease program which I have since bought out and it has several programs on it thanks to the University which aren't standard.

THANK YOU!

P.S. I have the DSS files below and attached. When I attempted to obtain the GMER file, my computer froze the first time and on the next two attempts I received the following blue screen with the message:

"STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down.

=================================
DDS (Ver_10...

A:Possible Redirect Virus (in addition to all search engines/search results being in German)

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE
*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.
====================================
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or McAfee.

Important note: It is important to run the removal tool after you uninstall the AV that you wish to remove.
AVG removal tool --> HERE
McAfee removal tool...

RELEVANCY SCORE 66.8

I cannot browse to any of the following sites with IE or Mozilla:
http://www.safer-networking.org/en/download/
http://malwarebytes.org/

I can browse to www.google.com. It allows me to enter a specific search keyword, pressing search and Google then returns results. However I am not sure if they are normal results or not. They do look pretty legit, (ie.. if I search for "antivirus", I see legitimate sites return from the search like avg.com and symantec.com, etc...)

The tricky thing is clicking on one of Google's search results you've just received. About every other time you will be redirected through one of the following sites/proxies/junk
counter.fastclick.net
smartbizsearch...
www. search.pro...
www. missngpage.com/search1.php?qq=fastclick.net...
http: //64.111.196.162/click.php?c=14ed536e052058187ed5fabaef00...
http: //xml.trafficengine.net/screen?aid=1031&cid=268&subid=utr_2642&xargs=
There is more... just too many to list.

My temporary workaround for this is hitting the back button two or three times to return to the google results page, and then clicking on the desired link again. Which is really annoying and surprisingly time consuming.

And other times I can click on search results from google and there is no problem at all....

I installed Spybot from flash disk. Installed correctly, however was not able to run executable. I noticed after about 10 seconds of Spybot not executing the desktop screen seemed to "dissapear...

A:Google Search Results Redirect | search.pro | counter.fastclick.net

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 66.4

Please help! I have been infected by something that redirects me to random sites after I have done a search on Google, Yahoo or Bing. The latest redirects have taken me to the following website
hxxp://server2.mediajmp.com/surveys/don-index.html?sub=yahoo.com
or
hxxp://server2.mediajmp.com/surveys/don-index.html?sub=google.com
Both of these links have an audio file asking me to participate in a 30 second survey. I have run Spybot Search & Destroy, PC Tools Spyware Doctor, Ad-Aware & Malwarebytes Anti Malware and still can not rid this thing. Other sites worth noting which are part of the redirect there are 9 click.php files here are some of the URL's...

A:Search Engine Result Redirect Google, Yahoo & Bing http://r9237242.cn/

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 66.4

I would appreciate any advice on how to fix this..My computer caught a virus and screwed up the admin account. I managed to get that bug removed. Since then, I have problems when I click the results from search engines. When I click search results, I get sent to different sites. I typically use Google Chrome but it's happened on Bing as well. For example, I did a google search on "virus removal". The link on the Google page was for "www.symantec.com/security_response/removaltools.jsp" but when I click the link, it goes to "http://answers.nixxie.com/s.php?k=virus%20removal&adid=13190&ts=1001SMA_A14&subid=263328-165793-133-27681&click=1609561864-41d3.11f1.50788005.3b97&ref=http://market-find.com/index.php?search=virus%20removal"Cicking "www.kaspersky.com › Support" takes me to "http://r.looksmart.com/og/pr=Psr;ro=1;rc=4;digest=2318dc8762ee3009c073e486df8a499b;kid=6f71bb91533de8f9bb8d92689e59bf39;t=1350074566;v=8;data=gg1A2cbB_NiFMmKDDBkRvp9xLNM-gHzw1ipDmvpgzJM7kA2vsa63GrjukRD6oalWiDGbgjD4_lX7zIN4HI9nmNM701OzoDmp2aba_b-8rQiuWrRnSR6SldsYzIg9duKKiVELnFMfFbijvsXXHu4z3OBZgeOJjsbbEsL9UNuMEytcIVbfpvA8EA;uh=157x17525143547048890673;la=2438185;lm=3039186;ad=756865385;ag=766460146;kw=1609561864;qt=virus%20removal;vr=17;lt=EM;ip=50.80.167.198;pt=;st=118.25.90.0.0.0.0;os=929.249.9.0.4.230.2.6;sy=keyword;my=smart;geo=894417;vid=0;subid=137419-386-27681;opi=bizz_main;lg=0;sqid=610B9C4C-14AD-11E2-A738-E60E0A2C1E10... Read more

A:When click results from search engine (Google & Bing), get sent to wrong sites (ex http://click.livesearchnow.com/...)

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 63.6

Guess it's been a few days since I am being redirected whenever I click on my search results. I am using Windows 7 Home Premium and Google Chrome.

For the last 10 hrs or so, I've been reading the posts and trying to fix the problem but to no avail. Have used Combofix, OTM, TDSSkiller, TFC, Hijackthis and Smitfraudfix. This problem is still there and I feel like banging my head against the wall.

Will look forward to some guidance for getting out of this hell.

ComboFix 11-05-12.04 - Home 05/13/2011 19:39:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.2145 [GMT 3:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system3...

A:Search Results Redirect [PLZ HELP]

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 63.6

I'm having trouble with my search engine results. Almost every time I click on a result, it redirects me to some other unrelated web site. It does this with Yahoo, Google, Ask, etc. Please help me.

A:Search Results Redirect

Run these online virus scanners:
BitDefender
http://housecall.trendmicro.com/

Also this online Trojan scanner:
TrojanScan

Are you using these basic security programs? (They're all free.)
AVG Anti-Spyware - Windows 2000 and XP, only.
Ad-Aware
Spybot S&D
Spywareblaster
SpywareGuard

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...
Download them, update them, and then run them.

Important: Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

Other useful Tutorials:
Using Ad-Aware SE
Using SpywareBlaster
Using SpywareGuard
Using AVG Anti-Spyware

If that doesn't help rid you of the problem, then:
Read How to post a HijackThis Log. Please read, and follow, all directions carefully!!!
Then, run a log, and post it in the HijackThis forum, >at this link<. Do not, post it in this topic.
Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, m...

RELEVANCY SCORE 63.6

I am having a problem with Google search results redirecting to ad-filled pages rather than to the actual result. When I search for something in Google, I get the normal Google result page, but clicking on one of the results sends me to some junk page instead of to the result. If I press "Back" to get back to the Google page, I can then safely travel to my intended result. I first noticed this happening with IE 8, but it has recently spread to Chrome as well. I use Symantec AntiVirus, ZoneAlarm firewall, and AdAware for anti-spyware. None of those are catching anything wrong. Thanks in advance for the help.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Adam E. Howard at 18:46:45.48 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1089 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Share...

A:Search results redirect

Bump, please.

RELEVANCY SCORE 63.6

Hi, thank you for providing this forum. Whenever I try to click on a search result from google I get redirected to a wide variety of search result pages such as OxySearch.com, toseeka.com partners.momma.com and so on. I attempted to research my HJT logfile myself and find the culprit, but after deleting several items and still encountering the problem I'm turning to experts. I'm running norton 360 which did nothing, the HJT log read as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:52 PM, on 2/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveU...

A:IE Search results redirect

RELEVANCY SCORE 63.6

Hello; the issue I'm having is that my search results constantly redirect to different sites, as this is affecting any search engine runs. Every once in a while, AVG also tells me that some trojan is running on my system; it occurs sometimes while I'm on Firefox, and while running a few other programs as well.

I hope you guys can help me; I've had some really bad experiences with trojans before and I really thought I was being careful this time around =[. Thanks in advance.



DDS (Ver_09-10-26.01) - NTFSx86
Run by ZEE at 21:54:10.37 on Sun 11/08/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.263.1033.18.502.266 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\WTablet\Pen_T...

A:Search results redirect

Hello -

I'd like to see a new scan with an updated version of GMER rootkit scanner.

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Read other 18 answers

The other day I started noticing that my search engines were acting weird. Every time I clicked a result, it would get redirected to another page. There were only a few pages that came up and they came up repetitively. I used Malwarebytes' Anti-Malware a few times and it detected problems, fixed them for about a day, but then they came back. So I found out about HijackThis and decided to try to use it to figure out what the problem might be, until I saw that I needed to understand log files. So, I'm asking whoever reads this to tell me if they find anything that might affect the redirection of search engines or anything else that might be harming my computer. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:51 PM, on 12/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files&#... Read more

A:Redirect of Search Results

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

Read other 2 answers

I am trying to fix a computer remotely.

When we search anything on Google we get results however when clicked on any search result it redirects to a different website.

Experts help needed.
MBAM not able to update.
Below is the hijackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:54 AM, on 11/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Windows\shell.exe
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\svchost.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\dwm.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\t... Read more

A:Search Results Redirect

Read other 6 answers

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

A:Search results redirect in IE

Thanks for your help. Log to follow, no problem running the scans although I forgot to turn off Avast and Winpatrol until dds was running, then I did so. Wasn't sure if I should have run it again.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lance at 20:43:00.36 on Sat 04/30/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2543.1549 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\s... Read more

Read other 11 answers